Lucene search

@huntrdevCVELIST:CVE-2023-3491

HistoryJun 30, 2023 - 9:11 p.m.

CVE-2023-3491 Unrestricted Upload of File with Dangerous Type in fossbilling/fossbilling

2023-06-3021:11:09

CWE-434

@huntrdev

www.cve.org

github repository

unrestricted upload

dangerous type

vulnerability

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

22.9%

JSON

Unrestricted Upload of File with Dangerous Type in GitHub repository fossbilling/fossbilling prior to 0.5.3.

CNA Affected

[
  {
    "vendor": "fossbilling",
    "product": "fossbilling/fossbilling",
    "versions": [
      {
        "version": "unspecified",
        "lessThan": "0.5.3",
        "status": "affected",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/fossbilling/fossbilling/commit/2ddb7438ee0d05f9a9d01555edcfed820960f114

huntr.dev/bounties/043bd900-ac78-44d2-a340-84ddd0bc4a1d

8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVELIST:CVE-2023-3491